package com.cloudcentral.config;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.cloudcentral.entity.Auth;
import com.cloudcentral.entity.RoleAuth;
import com.cloudcentral.entity.User;
import com.cloudcentral.entity.UserRole;
import com.cloudcentral.mapper.AuthBaseMapper;
import com.cloudcentral.mapper.RoleAuthBaseMapper;
import com.cloudcentral.mapper.UserBaseMapper;
import com.cloudcentral.mapper.UserRoleBaseMapper;
import com.cloudcentral.util.SpringContextUtils;
import jakarta.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;

import java.util.List;
import java.util.function.Supplier;

/**
 * Create by Administrator
 * 2023/11/14 11:00
 */
public class CustomAuthorizationManager implements AuthorizationManager<RequestAuthorizationContext> {
  @Override
  public AuthorizationDecision check(Supplier<Authentication> authentication, RequestAuthorizationContext context) {
    return new AuthorizationDecision(true);
    /**
    HttpServletRequest request = context.getRequest();
    String uri = request.getRequestURI();
    if (StringUtils.isBlank(uri)) return new AuthorizationDecision(true);
    else {
      try {
        Authentication authenticationObj = authentication.get();
        if (authenticationObj == null) throw new AuthenticationServiceException(null);
        else {
          //anonymousUser
          String username = authenticationObj.getName();
          if (StringUtils.isBlank(username)) throw new AuthenticationServiceException(null);
          else return verify(username, uri);
        }
      } catch (Exception e) {
        throw new AuthenticationServiceException("尚未登录");
      }
    }*/
  }

  private AuthorizationDecision verify(String key, String uri) {
    if (StringUtils.isBlank(key)) throw new AuthenticationServiceException("缺少用户名");
    else if (key.equalsIgnoreCase("ROOT")) return new AuthorizationDecision(true);
    else {
      //username.equalsIgnoreCase("anonymousUser")
      UserBaseMapper userBaseMapper = SpringContextUtils.getBean("userBaseMapper", UserBaseMapper.class);
      QueryWrapper<User> queryWrapper = new QueryWrapper<>();
      queryWrapper.eq("username", key).or().eq("phone", key);
      User user = userBaseMapper.selectOne(queryWrapper);
      if (user == null) throw new AuthenticationServiceException("用户不存在");
      else {
        AuthBaseMapper authBaseMapper = SpringContextUtils.getBean("authBaseMapper", AuthBaseMapper.class);
        Auth auth = authBaseMapper.selectByUrl(uri);
        if (auth == null) return new AuthorizationDecision(true);
        else {
          UserRoleBaseMapper userRoleBaseMapper = SpringContextUtils.getBean("userRoleBaseMapper", UserRoleBaseMapper.class);
          RoleAuthBaseMapper roleAuthBaseMapper = SpringContextUtils.getBean("roleAuthBaseMapper", RoleAuthBaseMapper.class);
          QueryWrapper<UserRole> userRoleQueryWrapper = new QueryWrapper<>();
          userRoleQueryWrapper.eq("user_id", user.getId());
          UserRole userRole = userRoleBaseMapper.selectOne(userRoleQueryWrapper);
          QueryWrapper<RoleAuth> roleAuthQueryWrapper = new QueryWrapper<>();
          roleAuthQueryWrapper.eq("role_id", userRole.getRoleId());
          List<RoleAuth> roleAuthList = roleAuthBaseMapper.selectList(roleAuthQueryWrapper);
          return new AuthorizationDecision(roleAuthList.stream().mapToLong(RoleAuth::getAuthId).anyMatch(id -> id == auth.getId()));
        }
      }
    }
  }
}
